CERT-UA warns of large-scale cyber attack on energy sector
The Ukrainian Government Computer Emergency Response Team CERT-UA, operating under the State Service for Special Communications and Information Protection, has reported a cyber attack by the Sandworm group (UAC-0082) on Ukrainian energy facilities using the Industroyer2 and CaddyWiper malware, the State Service for Special Communications announced on its Telegram channel on Tuesday.
The attackers intended to disable several infrastructure elements of the targeted organization, namely: electrical substations, using the Industroyer2 malware (each executable file contained a statically specified set of unique parameters for the corresponding substations); computers running the Windows operating system (user workstations, servers, and workstations of automated process control systems), using the destructive CaddyWiper malware; server hardware running the Linux operating system, using malicious destructor scripts; and active network equipment.
According to the State Service for Special Communications, the victim organization experienced two waves of attacks. The initial compromise occurred no later than February 2022. On April 8, 2022, the attackers planned to shut down electrical substations and disable the enterprise's infrastructure. However, the attempt was prevented.
"In order to identify whether there is a similar threat to other organizations in Ukraine, information, including samples of malicious programs, was transferred to international partners and enterprises in the energy sector of Ukraine," the message says.
The Ukrainian Government Computer Emergency Response Team CERT-UA expresses special gratitude to Microsoft and ESET.